Information security professionals are quite familiar with the pitfalls of the job. Long hours, career frustrations, and high levels of responsibility directly related to the very future of their companies all contribute to increasing stress. All of these stresses are being compounded by other developments in the industry as well.
While most people who work in cybersecurity wouldn’t trade their career choice for anything else, they will probably also admit that job fatigue has become a serious problem. The constant stress can take a mental and physical toll, and it’s only getting worse. Therefore, it’s time for organizations to take a hard look at the contributing factors behind the trend.
So, what’s behind this increase in stress in an already particularly stressful line of work? Several things come immediately to mind:
- The cybersecurity skills gap is growing. The enterprise has known about this gap for a long time, but not enough is being done to close it. Jon Oltsik writes for CSO, “This skills shortage has multiple implications. Organizations don’t have the right sized teams and operate in a perpetually understaffed mode. Often, the cybersecurity team lacks some advanced skills in areas like security analytics, forensic investigations, or cloud computing security, putting more pressure on the most experienced staffers to pick up the slack.”
- Training opportunities for current professionals are lacking. Oltsik notes that nearly two-thirds (62%) of infosec professionals don’t think their organization is providing an adequate level of training to keep them up to date on developing IT and business risks. To make matters worse, cybersecurity pros are spending so much time keeping up with the demands of day-to-day security tasks that they can’t find the time to pursue their own ongoing development and training.
- Cybersecurity pros take their jobs personally. These professionals take a large amount of pride in their jobs and embrace the enormous responsibility of safeguarding their organizations’ data and digital processes. The high amount of emotional investment only adds to the job fatigue and stress that is now rampant in the cybersecurity world.
As Oltsik writes, “At the risk of continuing to sound like Chicken Little, I believe the cybersecurity skills shortage represents an existential threat to all of us … the cybersecurity professionals [organizations] depend upon are overworked, highly stressed, and prone to burnout.”